From 0c599139e69e419865c7c105255944e33b2e193c Mon Sep 17 00:00:00 2001 From: Mike DePaulo Date: Wed, 24 Jun 2020 16:52:30 -0400 Subject: [PATCH] Split the pulp_database role into 2 roles: pulp_database vs pulp_database_config Includes removing the variable pulp_install_db. Necessitates a new role list for those not using `pulp_all_services` fixes: #7037 Split the pulp_database role into 2 roles: database vs config https://pulp.plan.io/issues/7037 --- CHANGES/7037.feature | 4 ++ CHANGES/7037.removal | 4 ++ docs/index.md | 3 +- docs/roles/pulp_database_config.md | 1 + mkdocs.yml | 1 + molecule/release-dynamic/converge.yml | 1 + molecule/source-dynamic/converge.yml | 1 + roles/pulp_all_services/README.md | 1 + roles/pulp_all_services/meta/main.yml | 1 + roles/pulp_common/README.md | 1 - roles/pulp_common/tasks/main.yml | 1 - roles/pulp_database/README.md | 18 ++++---- roles/pulp_database/defaults/main.yml | 2 - roles/pulp_database/meta/main.yml | 5 +-- roles/pulp_database/tasks/main.yml | 31 ++------------ roles/pulp_database_config/README.md | 34 ++++++++++++++++ roles/pulp_database_config/defaults/main.yml | 6 +++ roles/pulp_database_config/meta/main.yml | 25 ++++++++++++ roles/pulp_database_config/tasks/main.yml | 43 ++++++++++++++++++++ roles/pulp_database_config/vars/main.yml | 1 + roles/pulp_devel/README.md | 6 +++ 21 files changed, 147 insertions(+), 43 deletions(-) create mode 100644 CHANGES/7037.feature create mode 100644 CHANGES/7037.removal create mode 120000 docs/roles/pulp_database_config.md create mode 100644 roles/pulp_database_config/README.md create mode 100644 roles/pulp_database_config/defaults/main.yml create mode 100644 roles/pulp_database_config/meta/main.yml create mode 100644 roles/pulp_database_config/tasks/main.yml create mode 100644 roles/pulp_database_config/vars/main.yml diff --git a/CHANGES/7037.feature b/CHANGES/7037.feature new file mode 100644 index 000000000..2ee845150 --- /dev/null +++ b/CHANGES/7037.feature @@ -0,0 +1,4 @@ +Split the pulp_database role into pulp_database (installs postgres database) +and pulp_database_config (configures Pulp database) for the sake of proper +design. pulp_database no longer depends on pulp_common, so it can now be run +against a separate database server without Pulp installed. diff --git a/CHANGES/7037.removal b/CHANGES/7037.removal new file mode 100644 index 000000000..349efce35 --- /dev/null +++ b/CHANGES/7037.removal @@ -0,0 +1,4 @@ +`pulp_database`, which is now separate from `pulp_database_config`, no longer +understands the variable `pulp_install_db`. Installing the postgres database +server is now controlled by whether or not `pulp_database` is in the role list, +and `pulp_database_config` must be in the list. diff --git a/docs/index.md b/docs/index.md index b036d7b19..a00d64e78 100644 --- a/docs/index.md +++ b/docs/index.md @@ -142,7 +142,8 @@ pulp_installer is equipped with the following roles: - [pulp_common](roles/pulp_common): installs shared components of the Pulp 3 services from PyPi or source and provides basic config - [pulp_api](roles/pulp_api): install, configure, and set the state of pulp API service - [pulp_content](roles/pulp_content): install, configure, and set the state of pulp content app. -- [pulp_database](roles/pulp_database): optionally install a database, then configure for Pulp. +- [pulp_database](roles/pulp_database): install a suitable database server for Pulp 3 +- [pulp_database_config](roles/pulp_database_config): configure the database for Pulp 3 - [pulp_redis](roles/pulp_redis): install and start Redis, and install RQ in the Pulp virtualenv. - [pulp_resource_manager](roles/pulp_resource_manager): install, configure, and set the state of the pulp resouce manager. - [pulp_webserver](roles/pulp_webserver): install, configure, start, and enable a web server. diff --git a/docs/roles/pulp_database_config.md b/docs/roles/pulp_database_config.md new file mode 120000 index 000000000..1c9e55001 --- /dev/null +++ b/docs/roles/pulp_database_config.md @@ -0,0 +1 @@ +../../roles/pulp_database_config/README.md \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index ce107c8bc..239a1582f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -16,6 +16,7 @@ nav: - Pulp API: roles/pulp_api.md - Pulp Content: roles/pulp_content.md - Pulp Database: roles/pulp_database.md + - Pulp Database Configuration: roles/pulp_database_config.md - Pulp Devel: roles/pulp_devel.md - Pulp Redis: roles/pulp_redis.md - Pulp Resource Manager: roles/pulp_resource_manager.md diff --git a/molecule/release-dynamic/converge.yml b/molecule/release-dynamic/converge.yml index abd0dd83e..3e4b57ba8 100644 --- a/molecule/release-dynamic/converge.yml +++ b/molecule/release-dynamic/converge.yml @@ -15,6 +15,7 @@ loop: - pulp_database - pulp_redis + - pulp_database_config - pulp_api - pulp_content - pulp_resource_manager diff --git a/molecule/source-dynamic/converge.yml b/molecule/source-dynamic/converge.yml index 3cb642ea9..2fc4f225e 100644 --- a/molecule/source-dynamic/converge.yml +++ b/molecule/source-dynamic/converge.yml @@ -15,6 +15,7 @@ loop: - pulp_database - pulp_redis + - pulp_database_config - pulp_api - pulp_content - pulp_resource_manager diff --git a/roles/pulp_all_services/README.md b/roles/pulp_all_services/README.md index 2c0495bbe..93b6a14be 100644 --- a/roles/pulp_all_services/README.md +++ b/roles/pulp_all_services/README.md @@ -12,6 +12,7 @@ Currently, all it does is depend on the required roles, which are subject to change over time: - pulp_database - pulp_redis + - pulp_database_config - pulp_api - pulp_content - pulp_resource_manager diff --git a/roles/pulp_all_services/meta/main.yml b/roles/pulp_all_services/meta/main.yml index 18e9d9f8b..40f573f0f 100644 --- a/roles/pulp_all_services/meta/main.yml +++ b/roles/pulp_all_services/meta/main.yml @@ -24,6 +24,7 @@ galaxy_info: dependencies: - pulp_database - pulp_redis + - pulp_database_config - pulp_api - pulp_content - pulp_resource_manager diff --git a/roles/pulp_common/README.md b/roles/pulp_common/README.md index d6679eda5..48f3e09b3 100644 --- a/roles/pulp_common/README.md +++ b/roles/pulp_common/README.md @@ -49,7 +49,6 @@ Role Variables * `pulp_cache_dir`: Location of Pulp cache. Defaults to "/var/lib/pulp/tmp". * `pulp_config_dir`: Directory which will contain Pulp configuration files. Defaults to "/etc/pulp". -* `pulp_default_admin_password`: Initial password for the Pulp admin. **Required**. * `pulp_install_dir`: Location of a virtual environment for Pulp and its Python dependencies. Defaults to "/usr/local/lib/pulp". * `pulp_user_home`: equivalent to `MEDIA_ROOT` from `pulpcore` i.e. absolute path for pulp user home. diff --git a/roles/pulp_common/tasks/main.yml b/roles/pulp_common/tasks/main.yml index 3a6a1239a..84f820820 100644 --- a/roles/pulp_common/tasks/main.yml +++ b/roles/pulp_common/tasks/main.yml @@ -26,7 +26,6 @@ See https://pulp-installer.readthedocs.io/en/latest/ or pulp_installer/roles/pulp/README.md for more info. loop: - - pulp_default_admin_password - pulp_settings.content_origin - pulp_settings.secret_key - pulp_install_plugins diff --git a/roles/pulp_database/README.md b/roles/pulp_database/README.md index 0d583e3d4..01fbe6bb4 100644 --- a/roles/pulp_database/README.md +++ b/roles/pulp_database/README.md @@ -1,13 +1,16 @@ pulp_database ============= -Optionally install a database, then configure for Pulp. +Install a suitable database server for Pulp. More specifically, this role does the following: -1. Call the external role to install a database if `pulp_install_db` is true. -2. Install the Python bindings to interact with the specified database. -3. Create and run migrations. +1. Install and enable the appropriate SCL (EL7) +2. Call the external role to install a PostgreSQL database server. +3. Install the Python bindings to interact with the specified database via + the role. +4. Configures the PostgreSQL database to listen on all addresses if the + database is running on separate server. Role Variables -------------- @@ -28,11 +31,10 @@ Shared Variables This role sets the default to "auto", which is now more robust than "auto_legacy" on Ansible 2.8. -This role **is tightly coupled** with the required the `pulp_common` role and uses some of -variables which are documented in that role: +This role is **not tightly coupled** to the `pulp_common` role, but uses some of the same +variables. When used in the same play, the values are inherited from the role. +When not used together, this role provides identical defaults. -* `pulp_user` -* `pulp_default_admin_password` * `pulp_settings` Operating Systems Variables diff --git a/roles/pulp_database/defaults/main.yml b/roles/pulp_database/defaults/main.yml index e0cfe426c..92b3d9acd 100644 --- a/roles/pulp_database/defaults/main.yml +++ b/roles/pulp_database/defaults/main.yml @@ -1,6 +1,4 @@ --- -pulp_install_db: true - # Users should not set this variable, instead using `pulp_settings.databases` pulp_settings_db_defaults: databases: diff --git a/roles/pulp_database/meta/main.yml b/roles/pulp_database/meta/main.yml index 096d5920c..120a01742 100644 --- a/roles/pulp_database/meta/main.yml +++ b/roles/pulp_database/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Pulp Team - description: A role to setup Pulp 3's database + description: A role to install a suitable database server for Pulp 3 issue_tracker_url: https://pulp.plan.io/projects/pulp/issues/new license: GPL-2.0-or-later company: Red Hat @@ -21,5 +21,4 @@ galaxy_info: galaxy_tags: - pulp - pulpcore -dependencies: - - pulp_common +dependencies: [] diff --git a/roles/pulp_database/tasks/main.yml b/roles/pulp_database/tasks/main.yml index 4d5fbda6e..48343ffc9 100644 --- a/roles/pulp_database/tasks/main.yml +++ b/roles/pulp_database/tasks/main.yml @@ -13,31 +13,8 @@ tags: - always -- include_tasks: install_postgres.yml - when: - - pulp_install_db |bool - -- meta: flush_handlers - -- block: - - - name: Run database auth migrations - command: '{{ pulp_django_admin_path }} migrate auth --no-input' - register: migrate_auth - changed_when: "'No migrations to apply' not in migrate_auth.stdout" +- name: Set database defaults if not provided + set_fact: + merged_pulp_settings: "{{ pulp_settings_db_defaults|combine(pulp_settings, recursive=True) }}" - - name: Run database migrations - command: '{{ pulp_django_admin_path }} migrate --no-input' - register: result - changed_when: "'No migrations to apply' not in result.stdout" - - - name: Set the Pulp admin user's password - command: '{{ pulp_django_admin_path }} reset-admin-password --password {{ pulp_default_admin_password }}' - no_log: true - when: pulp_default_admin_password is defined and migrate_auth.changed - - run_once: true - become: true - become_user: '{{ pulp_user }}' - environment: - PULP_SETTINGS: "{{ pulp_settings_file }}" +- include_tasks: install_postgres.yml diff --git a/roles/pulp_database_config/README.md b/roles/pulp_database_config/README.md new file mode 100644 index 000000000..af5c032f1 --- /dev/null +++ b/roles/pulp_database_config/README.md @@ -0,0 +1,34 @@ +pulp_database_config +==================== + +Configure the database for Pulp 3 + +More specifically, this role does the following via `django-admin`: + +1. Create and run migrations. +2. Set the Pulp admin user's password. + +Role Variables +-------------- + +`pulp_default_admin_password`: Initial password for the Pulp admin. **Required**. + +Shared Variables +---------------- + +* `ansible_python_interpreter`: **Required**. Path to the Python interpreter. + This role sets the default to "auto", which is now more robust than + "auto_legacy" on Ansible 2.8. + +This role **is tightly coupled** with the required the `pulp_common` role and uses some of +variables which are documented in that role: + +* `pulp_django_admin_paths` +* `pulp_settings_file` +* `pulp_user` + +This role understands how to talk to the database server via `pulp_settings_file`, +which is written to disk in the `pulp_common` role, and whose relevant +values are set via the following variables: + +* `pulp_settings_db_defaults`: See pulp_database README. diff --git a/roles/pulp_database_config/defaults/main.yml b/roles/pulp_database_config/defaults/main.yml new file mode 100644 index 000000000..fcb1ce09c --- /dev/null +++ b/roles/pulp_database_config/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# Auto is more robust for us than auto_legacy (still the default as of 2.8) +# because the geerlingguy.postgresql role, with RPM weak deps, installs +# /usr/bin/python pointing to python2, on Fedora 30. This in turn breaks +# running pulp_installer a 2nd time, because F30 lacks python2-dnf. +ansible_python_interpreter: auto diff --git a/roles/pulp_database_config/meta/main.yml b/roles/pulp_database_config/meta/main.yml new file mode 100644 index 000000000..e825fae37 --- /dev/null +++ b/roles/pulp_database_config/meta/main.yml @@ -0,0 +1,25 @@ +--- +galaxy_info: + author: Pulp Team + description: A role to configure the database for Pulp 3 + issue_tracker_url: https://pulp.plan.io/projects/pulp/issues/new + license: GPL-2.0-or-later + company: Red Hat + min_ansible_version: 2.8 + platforms: + - name: Debian + versions: + - buster + - name: Fedora + versions: + - 30 + - 31 + - name: EL + versions: + - 7 + - 8 + galaxy_tags: + - pulp + - pulpcore +dependencies: + - pulp_common diff --git a/roles/pulp_database_config/tasks/main.yml b/roles/pulp_database_config/tasks/main.yml new file mode 100644 index 000000000..7adf1ec60 --- /dev/null +++ b/roles/pulp_database_config/tasks/main.yml @@ -0,0 +1,43 @@ +--- +- name: Check if required variables are set + assert: + that: + # This check runs it through jinja2 templating twice: built-in + # "that:" (like when:), and then the {{ }} + # It converts from item, to the string like pulp_default_admin_password , + # to the value of pulp_default_admin_password . + - "{{ item }} | default('', true) | length > 0" + fail_msg: > + {{ item }} is undefined, null, or an empty string. Please + set it in your variables + (e.g. pulp_installer/playbooks/example-use/group_vars/all) + and run pulp_installer again. + See https://pulp-installer.readthedocs.io/en/latest/ or + pulp_installer/roles/pulp/README.md for more info. + loop: + - pulp_default_admin_password + +- meta: flush_handlers + +- block: + + - name: Run database auth migrations + command: '{{ pulp_django_admin_path }} migrate auth --no-input' + register: migrate_auth + changed_when: "'No migrations to apply' not in migrate_auth.stdout" + + - name: Run database migrations + command: '{{ pulp_django_admin_path }} migrate --no-input' + register: result + changed_when: "'No migrations to apply' not in result.stdout" + + - name: Set the Pulp admin user's password + command: '{{ pulp_django_admin_path }} reset-admin-password --password {{ pulp_default_admin_password }}' + no_log: true + when: pulp_default_admin_password is defined and migrate_auth.changed + + run_once: true + become: true + become_user: '{{ pulp_user }}' + environment: + PULP_SETTINGS: "{{ pulp_settings_file }}" diff --git a/roles/pulp_database_config/vars/main.yml b/roles/pulp_database_config/vars/main.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/roles/pulp_database_config/vars/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/pulp_devel/README.md b/roles/pulp_devel/README.md index 31e180079..ef366e338 100644 --- a/roles/pulp_devel/README.md +++ b/roles/pulp_devel/README.md @@ -49,6 +49,12 @@ use some of the same variables. When not used together, these values are **requi * `pulp_workers` +This role **is not tightly coupled** with the `pulp_database_config` role, +but it does use some of the same variables. When not used together, these values +are **required**. + +* `pulp_default_admin_password` + Aliases -------